Linux Administration Handbook, 2/e (Paperback)

Description

The first edition of this book became known for its thorough and lucid

coverage of some of the toughest topics in system administration including

DNS, sendmail and security. The new edition will focus on many open source

tools that have gained acceptance since 1/e was published, including Nagios

for network monitoring.

Most titles on Linux administration focus on the configuration of a single box.

LAH was the first title in this area to focus on the administration of a Linux

system in a production environment. Linux Administration Handbook

examines how Linux systems behave in real-world ecosystems, not how they

might behave in ideal environments. The Second Edition incorporates the

changes in Linux systems in the past 18 months, which include current versions

of RedHat, SuSE and Debian systems, new topics like Logical Volume

Manager, X11 basic administration and Nagios. Chapters on system admin

policy, bind, sendmail and security have been updated.

 

Foreword to the First Edition xxxiii
Preface xxxiv
Acknowledgments xxxvii
Section One: Basic Administration 1
Chapter 1: Where to Start 3
Suggested background 4

Linux’s relationship to UNIX 4

Linux in historical context 5

Linux distributions 6

Notation and typographical conventions 9

Where to go for information 11

How to find and install software 14

Essential tasks of the system administrator 16

System administration under duress 18

Recommended reading 19

Exercises 20

Chapter 2: Booting and Shutting Down 21
Bootstrapping 21

Booting PCs 25

Using boot loaders: LILO and GRUB 26

Booting single-user mode 31

Working with startup scripts 32

Rebooting and shutting down 40

Exercises 43

Chapter 3: Rootly Powers 44
Ownership of files and processes 44

The superuser 46

Choosing a root password 47

Becoming root 48

Other pseudo-users 51

Exercises 52

Chapter 4: Controlling Processes 53
Components of a process 53

The life cycle of a process 56

Signals 57

kill and killall: send signals 60

Process states 60

nice and renice: influence scheduling priority 61

ps: monitor processes 62

top: monitor processes even better 65

The /proc filesystem 65

strace: trace signals and system calls 66

Runaway processes 67

Recommended reading 69

Exercises 69

Chapter 5: The Filesystem 70
Pathnames 72

Filesystem mounting and unmounting 73

The organization of the file tree 75

File types 76

File attributes 81

Access control lists 88

Exercises 92

Chapter 6: Adding New Users 93
The /etc/passwd file 93

The /etc/shadow file 99

The /etc/group file 101

Adding users 102

Removing users 107

Disabling logins 108

Managing accounts 108

Exercises 110

Chapter 7: Adding a Disk 111
Disk interfaces 111

Disk geometry 119

Linux filesystems 120

An overview of the disk installation procedure 122

hdparm: set IDE interface parameters 129

fsck: check and repair filesystems 131

Adding a disk: a step-by-step guide 133

Advanced disk management: RAID and LVM 138

Mounting USB drives 147

Exercises 148

Chapter 8: Periodic Processes 150
cron: schedule commands 150

The format of crontab files 151

Crontab management 153

Some common uses for cron 154

Other schedulers: anacron and fcron 156

Exercises 157

Chapter 9: Backups 158
Motherhood and apple pie 159

Backup devices and media 163

Setting up an incremental backup regime with dump 169

Restoring from dumps with restore 173

Dumping and restoring for upgrades 176

Using other archiving programs 177

Using multiple files on a single tape 178

Bacula 179

Commercial backup products 197

Recommended reading 198

Exercises 198

Chapter 10: Syslog and Log Files 201
Logging policies 201

Linux log files 204

logrotate: manage log files 208

Syslog: the system event logger 209

Condensing log files to useful information 220

Exercises 222

Chapter 11: Software and Configuration Management 223
Basic Linux installation 223

Diskless clients 232

Package management 234

High-level package management systems 237

Revision control 247

Localization and configuration 255

Configuration management tools 260

Sharing software over NFS 263

Recommended software 266

Recommended reading 268

Exercises 268

Section Two: Networking 269
Chapter 12: TCP/IP Networking 271
TCP/IP and the Internet 272

Networking road map 275

Packets and encapsulation 276

IP addresses: the gory details 282

Routing 293

ARP: the address resolution protocol 296

Addition of a machine to a network 297

Distribution-specific network configuration 307

DHCP: the Dynamic Host Configuration Protocol 311

Dynamic reconfiguration and tuning 314

Security issues 316

Linux NAT 319

PPP: the Point-to-Point Protocol 320

Linux networking quirks 330

Recommended reading 331

Exercises 332

Chapter 13: Routing 334
Packet forwarding: a closer look 335

Routing daemons and routing protocols 337

Protocols on parade 341

routed: RIP yourself a new hole 343

gated: gone to the dark side 344

Routing strategy selection criteria 344

Cisco routers 346

Recommended reading 348

Exercises 349

Chapter 14: Network Hardware 350
LAN, WAN, or MAN? 351

Ethernet: the common LAN 351

Wireless: nomad’s LAN 359

FDDI: the disappointing, expensive, and outdated LAN 361

ATM: the promised (but sorely defeated) LAN 362

Frame relay: the sacrificial WAN 363

ISDN: the indigenous WAN 364

DSL and cable modems: the people’s WAN 364

Where is the network going? 365

Network testing and debugging 366

Building wiring 366

Network design issues 368

Management issues 370

Recommended vendors 371

Recommended reading 372

Exercises 372

Chapter 15: DNS: The Domain Name System 373
DNS for the impatient: adding a new machine 374

The history of DNS 375

Who needs DNS? 377

The DNS namespace 378

How DNS works 383

What’s new in DNS 386

The DNS database 389

The BIND software 409

Designing your DNS environment 415

BIND client issues 418

BIND server configuration 420

BIND configuration examples 439

Starting named 446

Updating zone files 447

Security issues 451

Testing and debugging 466

Distribution specifics 478

Recommended reading 481

Exercises 482

Chapter 16: The Network File System 484
General information about NFS 484

Server-side NFS 489

Client-side NFS 492

nfsstat: dump NFS statistics 495

Dedicated NFS file servers 496

Automatic mounting 497

Recommended reading 500

Exercises 501

Chapter 17: Sharing System Files 502
What to share 503

nscd: cache the results of lookups 504

Copying files around 505

NIS: the Network Information Service 511

LDAP: the Lightweight Directory Access Protocol 520

Recommended reading 526

Exercises 527

Chapter 18: Electronic Mail 528
Mail systems 530

The anatomy of a mail message 534

Mail philosophy 539

Mail aliases 544

Mailing lists and list wrangling software 551

sendmail: ringmaster of the electronic mail circus 557

sendmail configuration 565

Basic sendmail configuration primitives 570

Fancier sendmail configuration primitives 574

Spam-related features in sendmail 588

Configuration file case study 599

Security and sendmail 603

sendmail performance 611

sendmail statistics, testing, and debugging 615

The Exim Mail System 621

Postfix 623

Recommended reading 639

Exercises 640

Chapter 19: Network Management and Debugging 643
Network troubleshooting 644

ping: check to see if a host is alive 645

traceroute: trace IP packets 647

netstat: get network statistics 649

sar: inspect live interface activity 654

Packet sniffers 655

Network management protocols 657

SNMP: the Simple Network Management Protocol 659

The NET-SMNP agent 661

Network management applications 662

Recommended reading 667

Exercises 668

Chapter 20: Security 669
Is Linux secure? 670

How security is compromised 671

Certifications and standards 673

Security tips and philosophy 676

Security problems in /etc/passwd and /etc/shadow 678

POSIX capabilities 683

Setuid programs 683

Important file permissions 684

Miscellaneous security issues 685

Security power tools 688

Cryptographic security tools 694

Firewalls 701

Linux firewall features: IP tables 704

Virtual private networks (VPNs) 708

Hardened Linux distributions 710

What to do when your site has been attacked 710

Sources of security information 712

Recommended reading 715

Exercises 716

Chapter 21: Web Hosting and Internet Servers 719
Web hosting basics 720

HTTP server installation 724

Virtual interfaces 727

The Secure Sockets Layer (SSL) 730

Caching and proxy servers 733

Anonymous FTP server setup 734

Exercises 736

Section Three: Bunch O’ Stuff 739

Chapter 22: The X Window System 741
The X display manager 743

Running an X application 744

X server configuration 748

Troubleshooting and debugging 754

A brief note on desktop environments 757

Recommended Reading 759

Exercises 759

Chapter 23: Printing 761
Printers are complicated 762

Printer languages 763

CUPS architecture 767

CUPS server administration 772

Troubleshooting tips 780

Printer practicalities 782

Other printer advice 784

Printing under KDE 788

Recommended reading 790

Exercises 790

Chapter 24: Maintenance and Environment 791
Hardware maintenance basics 791

Maintenance contracts 792

Electronics-handling lore 793

Monitors 794

Memory modules 794

Preventive maintenance 795

Environment 796

Power 798

Racks 799

Data center standards 800

Tools 800

Recommended reading 800

Exercises 802

Chapter 25: Performance Analysis 803
What you can do to improve performance 804

Factors that affect performance 806

System performance checkup 807

Help! My system just got really slow! 817

Recommended reading 819

Exercises 819

Chapter 26: Cooperating with Windows 821
Logging in to a Linux system from Windows 821

Accessing remote desktops 822

Running Windows and Windows-like applications 825

Using command-line tools with Windows 826

Windows compliance with email and web standards 827

Sharing files with Samba and CIFS 828

Sharing printers with Samba 836

Debugging Samba 840

Recommended reading 841

Exercises 842

Chapter 27: Serial Devices 843
The RS-232C standard 844

Alternative connectors 847

Hard and soft carrier 852

Hardware flow control 852

Cable length 853

Serial device files 853

setserial: set serial port parameters 854

Software configuration for serial devices 855

Configuration of hardwired terminals 855

Special characters and the terminal driver 859

stty: set terminal options 860

tset: set options automatically 861

Terminal unwedging 862

Modems 862

Debugging a serial line 864

Other common I/O ports 865

Exercises 866

Chapter 28: Drivers and the Kernel 868
Kernel adaptation 869

Drivers and device files 870

Why and how to configure the kernel 873

Tuning Linux kernel parameters 874

Building a Linux kernel 876

Adding a Linux device driver 878

Loadable kernel modules 880

Hot-plugging 882

Setting bootstrap options 883

Recommended reading 884

Exercises 884

Chapter 29: Daemons 885
init: the primordial process 886

cron and atd: schedule commands 887

xinetd and inetd: manage daemons 887

Kernel daemons 893

Printing daemons 894

File service daemons 895

Administrative database daemons 896

Electronic mail daemons 897

Remote login and command execution daemons 898

Booting and configuration daemons 898

Other network daemons 900

ntpd: time synchronization daemon 902

Exercises 903

Chapter 30: Management, Policy, and Politics 904
Make everyone happy 904

Components of a functional IT organization 906

The role of management 907

The role of administration 915

The role of development 919

The role of operations 924

The work of support 927

Documentation 930

Request-tracking and trouble-reporting systems 934

Disaster recovery 938

Written policy 943

Legal Issues 949

Software patents 957

Standards 958

Linux culture 961

Mainstream Linux 962

Organizations, conferences, and other resources 964

Recommended Reading 968

Exercises 970

Index 973
About the Contributors 999
About the Authors 1001